In a world where most people used passphrases instead of passwords, wouldn't an attack that generates a random string of words (alternating between word delimiters) be similarly effective to a brute force attack? Of course, there are many more possible words than possible characters, but I suspect in practice the range of words that are actually used could be predicted by a decent heuristic.

Am I just displaying my ignorance of the topic or does this make sense?

4 Answers

Generally speaking, you can assume that brute force attacks will always be possible. The trick is limiting how effective they can be. Increasing the length and/or complexity, but preferably the length, is a good way to slow down a brute force.

So we can discuss specifics, let's assume that the attacker has access to your password hash and cannot use any shortcuts such as hash lookup tables. The length of time necessary to succeed is pretty strongly dependent on the speed of the compute power available. That is, a computer that is capable of checking 1,000 passwords per second will take much longer than a computer that is capable of checking 100,000 passwords per second. As compute power increases on computer systems, the length of time to perform an off-line brute force will decrease. So in this case you would want your password, or passphrase, to be sufficiently complex to render the brute force time longer than the expected lifespan of the password. That is, if you change your password every 6 months you want it to take at least 7 months to break.

Another common brute force method is to attempt to log into a live system; this is what you'll commonly see in scans, such as Morto, that have a common password list and look for systems using some simple credentials. Here the same principles apply, except you have a little more control over how the process can be slowed down. For instance, you can lock out remote systems after a certain number of attempts, respond to a bad password with increasing delays, or lock out accounts after a certain number of bad passwords. All of those have their downsides, in that they can be used as a mechanism for DoS attacks. They are, however, fairly common. In some cases, such as PCI compliance, account lockouts are actually required.

"As compute power increases on computer systems" New systems should (not to say they would) use a hash function that takes even more computer power, thus keeping the number of guesses down to under 1000 per second. Though you can't count on systems meeting this level of security, and you also need to keep in mind a hacker could rent some more powerful cloud-based resources to run his cracking routines.
– George Bailey, Apr 11 '12 at 20:41

@GeorgeBailey: I'll leave our resident cryptographers to comment conclusively, but so far as I know computers have been increasing in compute power more quickly than hash functions have been increasing in complexity. But, yeah, I was trying to be purposefully conversational. Distributing computation across rented or stolen nodes is definitely worth keeping in mind.
– Scott Pack, Apr 11 '12 at 20:45

(just in case, to prevent misunderstanding) A modern hash routine (such as bcrypt) can be adjusted for the hardware it runs on. This means that no matter how fast computers get, the hash routine can keep up. There are of course factors to think about, such as specialized hardware that completes the routines more efficiently (GPUs come to mind, though they are limited when it comes to bcrypt). If I were to have my way, hash routines would take 20-200ms. This is very reasonable for a login or signup page, and creates an above-average resistance. (this figure is still subject to attacker hardware)
– George Bailey, Apr 11 '12 at 23:45
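The online-guessing controls the first answer lists (increasing delays on a bad password, a lockout after a threshold of failures, and the DoS trade-off that comes with them), as an added example that is not part of the original answer or comments. The credential store, the constants (5 failures, 15-minute lockout, 100,000 PBKDF2 rounds) and the guess list are assumptions chosen for the demo; the injectable clock exists only so the sequence runs without sleeping.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

# Assumed policy values for the demo (not from the original answer).
MAX_FAILURES = 5          # lock the account on the 5th consecutive bad password
LOCKOUT_SECONDS = 15 * 60
BASE_DELAY = 1.0          # delay after the 1st failure; doubles on each further one
MAX_DELAY = 30.0
PBKDF2_ROUNDS = 100_000   # assumed cost: keeps a single CPU well under 1000 guesses/s


def make_store(plain):
    """Hypothetical credential store {user: (salt, pbkdf2_hash)}, constructed for the demo."""
    store = {}
    for user, pw in plain.items():
        salt = os.urandom(16)
        store[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS))
    return store


def verify(store, user, password):
    entry = store.get(user)
    # Hash even for unknown users so response time does not reveal valid usernames.
    salt, expected = entry if entry else (b"\0" * 16, b"\0" * 32)
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return entry is not None and hmac.compare_digest(got, expected)


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0


class FakeClock:
    """Deterministic clock so the demo and its checks run without real waiting."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


@dataclass
class LoginGuard:
    store: dict
    clock: object = time.monotonic
    accounts: dict = field(default_factory=dict)

    def attempt(self, user, password):
        """Returns (outcome, delay). outcome is 'ok', 'bad' or 'locked'; delay is the
        number of seconds the server should wait before answering a bad password."""
        now = self.clock()
        acct = self.accounts.setdefault(user, AccountState())
        if acct.locked_until:
            if now < acct.locked_until:
                # Same answer whether or not the password is right: no oracle while locked.
                return "locked", 0.0
            acct.failures, acct.locked_until = 0, 0.0   # lockout has expired
        if verify(self.store, user, password):
            acct.failures = 0
            return "ok", 0.0
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            return "locked", 0.0
        # Increasing delay: 1 s, 2 s, 4 s, 8 s ... capped at MAX_DELAY.
        delay = min(BASE_DELAY * 2 ** (acct.failures - 1), MAX_DELAY)
        return "bad", delay


def demo():
    """A Morto-style guesser hammers one account with a short common-password list.
    Returns the sequence of (outcome, delay) the server produced."""
    clock = FakeClock()
    guard = LoginGuard(make_store({"admin": "correct horse battery staple"}), clock=clock)
    results = [guard.attempt("admin", guess)
               for guess in ["admin", "password", "123456", "Admin123", "letmein"]]
    # The DoS downside: the legitimate user is now refused even with the right password.
    results.append(guard.attempt("admin", "correct horse battery staple"))
    clock.advance(LOCKOUT_SECONDS)
    results.append(guard.attempt("admin", "correct horse battery staple"))
    return results
```

The sixth entry of `demo()` is the trade-off the answer warns about: five wrong guesses from anyone who knows the username keep the real owner out for the whole lockout window, which is why lockouts are usually combined with per-source rate limiting rather than used alone.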

Yes, it is just as vulnerable to a brute force attack as a password, if the attacker treats it as a pass phrase.

If you assume no delimiters and a 15,000-word vocabulary, then a 4-word passphrase has similar entropy to a 10-character mixed-case alphanumeric password and so will take about the same time to brute force.

The reason you might use a pass phrase is not because it is stronger, but because it is easier for users to remember.
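The entropy comparison in the answer above, carried through as an added example (not part of the original answer). It models the question's attack: the attacker knows the scheme (vocabulary size, word count, whether a delimiter is used) and enumerates it, so what counts is words times bits per word, with a delimiter adding only a few bits. The guess rates, the 4-symbol delimiter set and the 7,776-word Diceware list are assumptions used for illustration.

```python
import math

# Added example. Everything is a model: the secret is assumed to be chosen
# uniformly from the scheme, which is the best case for the user, and the
# attacker is assumed to know the scheme, which is the usual assumption.


def passphrase_bits(vocab_size, words, delimiter_choices=1, per_gap=False):
    """Entropy in bits of `words` words drawn from a `vocab_size` vocabulary.
    delimiter_choices > 1 models a delimiter the attacker must also guess: once
    for the whole phrase, or independently for each gap if per_gap is True."""
    bits = words * math.log2(vocab_size)
    if delimiter_choices > 1:
        bits += (words - 1 if per_gap else 1) * math.log2(delimiter_choices)
    return bits


def password_bits(alphabet_size, length):
    """Entropy of a random character password over an alphabet of alphabet_size."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits, guesses_per_second):
    """On average a uniform secret is found after half the keyspace has been tried."""
    return 2 ** (bits - 1) / guesses_per_second


def words_needed(vocab_size, target_bits):
    """Smallest word count whose passphrase reaches target_bits."""
    return math.ceil(target_bits / math.log2(vocab_size))


def years(seconds):
    return seconds / (365.25 * 24 * 3600)


def comparison(guesses_per_second):
    """Rows of (label, bits, expected years to crack) for a few schemes at one guess rate."""
    rows = [
        ("4 words, 15,000-word vocabulary",           passphrase_bits(15_000, 4)),
        ("same, one delimiter chosen from 4 symbols", passphrase_bits(15_000, 4, 4)),
        ("same, delimiter re-chosen for each gap",    passphrase_bits(15_000, 4, 4, per_gap=True)),
        ("10 chars, mixed-case alphanumeric (62)",    password_bits(62, 10)),
        ("6 Diceware words (7,776-word list)",        passphrase_bits(7_776, 6)),
    ]
    return [(label, round(b, 1), years(expected_crack_seconds(b, guesses_per_second)))
            for label, b in rows]


if __name__ == "__main__":
    # Assumed rates: ~1e9/s for a fast unsalted hash on a GPU, ~1e3/s for a tuned
    # slow hash such as bcrypt, following the figure given in the comments above.
    for rate in (1e9, 1e3):
        print(f"--- {rate:.0e} guesses/s ---")
        for label, bits, yrs in comparison(rate):
            print(f"{label:45s} {bits:5.1f} bits  ~{yrs:,.1f} years")
```

Two things the numbers show that the prose only states: the 4-word phrase and the 10-character password differ by about 4 bits, so they are within a factor of 16 of each other, and making the attacker guess a delimiter adds 2 bits if it is used consistently and 6 bits if it varies per gap, which is far less than adding one more word (about 14 bits here). `words_needed` answers the practical question of how many words a given list requires for a target such as 80 bits.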

You're correct. If you were to use only dictionary words in a passphrase, then you're just dealing with an 'alphabet' of all the words in your language (which is admittedly much larger than 26), but you probably only use a handful of words in your passphrase so you may not buy yourself much additional security.

However, with the small tweak of using at least one non-dictionary word, your passphrase becomes exponentially more secure. If you have 5 dictionary words with a few special characters or substitutions sprinkled in, then you're not vulnerable to a brute-force (which is only feasible for fewer than a dozen characters or so on most platforms), and you're no longer vulnerable to the dictionary passphrase attack you mention.

I've been using passphrases for many years now, but instead of using them directly, I modify them a little bit. For example, my passphrase may look like this:

Th1$#I$#My#3x@mpl3#P@$$phr@$3

It's easier to remember than a "truly random password" and, in general, it gives me an acceptable level of security. Guessing the correct words is not sufficient in this case; the attacker must also guess the transformation I used to create my passphrase (the transformation should be somehow unique every time you create a passphrase). Of course, even the longest passphrase is not secure if you use it in many places.

As a side note, I want to mention that I'm also using a password manager application (KeePass), and for every account where I don't have to remember the password, I use an automatically generated one. Using unique passwords is good security practice, but it can be quite burdensome if you are trying to remember them all, even if you are using passphrases.

In the worst case, P@$sPhr@$3 is as secure as the underlying passphrase, so I agree with you that choosing a strong passphrase is crucial. Substitution is only an addition which may be useful if someone is trying to crack your passphrase using something like the Google n-gram corpus and your passphrase is present in such a "dictionary".
– pgolen, Apr 12 '12 at 4:55
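What "a few special characters or substitutions sprinkled in" (third answer) and the leet-style transformation of the fourth answer buy against an attacker who guesses the style, as an added example that is not part of either answer or the comments. It assumes a small substitution table of the kind the sample passphrase uses plus optional capitalisation of the first letter; the attacker is assumed to have already guessed the underlying five words and the `#` delimiter, which is exactly the situation pgolen's comment describes. The unsalted SHA-256 target stands in for whatever hash is really stored; a slow hash would scale the time, not the number of guesses.

```python
import hashlib
import itertools
import math

# Assumed substitution table (not from the original answer). A cracker's
# "mangling rules" encode the same thing, so an attacker who suspects this
# style enumerates it rather than brute-forcing characters.
SUBS = {"a": "@", "s": "$", "e": "3", "i": "1", "o": "0", "t": "7"}

# The sample passphrase quoted in the fourth answer.
SAMPLE = "Th1$#I$#My#3x@mpl3#P@$$phr@$3"
SAMPLE_WORDS = ["this", "is", "my", "example", "passphrase"]


def variants(word, subs=SUBS, capitalize=True):
    """Every string reachable by independently substituting (or not) each eligible
    character, optionally also capitalising the first letter. Returned as a set."""
    options = [[c] + ([subs[c.lower()]] if c.lower() in subs else []) for c in word]
    out = set()
    for combo in itertools.product(*options):
        v = "".join(combo)
        out.add(v)
        if capitalize and v[:1].isalpha():
            out.add(v[0].upper() + v[1:])
    return out


def added_bits(words, subs=SUBS):
    """Upper bound on the entropy the transformation adds over the bare word sequence,
    given that the attacker knows the table: log2 of the number of variant combinations."""
    return sum(math.log2(len(variants(w, subs))) for w in words)


def crack(target_digest, words, delimiter, subs=SUBS):
    """Dictionary attack plus the substitution rule: tries every combination of word
    variants joined by `delimiter`. Returns (recovered plaintext or None, guesses tried)."""
    tried = 0
    for combo in itertools.product(*[sorted(variants(w, subs)) for w in words]):
        candidate = delimiter.join(combo)
        tried += 1
        if hashlib.sha256(candidate.encode()).hexdigest() == target_digest:
            return candidate, tried
    return None, tried


def demo():
    """Recovers the answer's sample passphrase from its hash once the words are known.
    Returns (plaintext, guesses tried, bits the transformation added)."""
    digest = hashlib.sha256(SAMPLE.encode()).hexdigest()
    found, tried = crack(digest, SAMPLE_WORDS, "#")
    return found, tried, added_bits(SAMPLE_WORDS)


if __name__ == "__main__":
    found, tried, bits = demo()
    print(f"recovered {found!r} after {tried:,} guesses; rule added {bits:.1f} bits")
```

Run as a script, the recovery takes a fraction of a second, and `added_bits` reports roughly 18 bits for the five words under this table, about the same as adding one more word from a 15,000-word list. That is the quantitative form of pgolen's point: the substitution helps only against an attacker who does not model it, and against one who does, the strength is essentially that of the underlying words.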